This article provides an overview of classification marking articles in the Internet as published by organisations and institutions.
The list provides a good overview of classification markings, also called security markings. For all these the ClassifyIt tool provides a sound basis to implement and support your users on the best protection of your information and documents.
Traffic Light Protocol (TLP)
A very easy and intuitive classification marking policy for your sensitive and un-sensitive data. The Traffic Light Protocol (TLP) is used by Computer Emergency Response Teams (CERTs) to provide classification markings to their documents when exchanging with other CERTs. TLP is a real standard which could be used by any entity (company or agency) to apply classification marking, and therefore data protection rules and regulations, to their documents.
RED - personal for named recipients only
In the context of a meeting, for example, RED information is limited to those present at the meeting. In most circumstances, RED information will be passed verbally or in person.
AMBER - limited distribution
The recipient may share AMBER information with others within their organization, but only on a ‘need-to-know’ basis. The originator may be expected to specify the intended limits of that sharing.
GREEN - community wide
Information in this category can be circulated widely within a particular community. However, the information may not be published or posted publicly on the Internet, nor released outside of the community.
WHITE - unlimited
Subject to standard copyright rules, WHITE information may be distributed freely, without restriction.
Read more ...
- US CERT: Traffic Light Protocol (TLP) Definitions and Usage
- German BSI (German): Merkblatt „Traffic Light Protocol (TLP)“
- ENISA: Considerations on the Traffic Light Protocol
USA - Marking of Classified Information
The US Department of Defence (DoD) established an all-embracing security classification marking schema which covers very complex issues of classification markings and release aspects.
EU - Protection of Classified Information
The European Council established comprehensive security rules for the protection of classified information/documents. It addresses multiple aspects of information protection which provides a high assurance for protecting classified documents.
NATO - Security within the North Atlantic Treaty Organisation
NATO established a comprehensive policy for the protection of classified information. The linked document combines security agreement aspects and the basic principles and minimum standards of security to be applied by NATO, nations and NATO civil and military bodies in order to ensure that a common degree of protection is given to classified information exchanged among the parties.
UC Berkeley - Information Security and Policy
The Berkeley University of California has set an effective data classification standard to protect campus data.https://security.berkeley.edu/data-classification-standard